Vercel, Context.ai, and the Case Against Bearer Secrets
One OAuth token at a third-party AI vendor turned into ‘rotate all your secrets’ for a subset of Vercel customers. The blast radius wasn’t an accident of this breach — it’s the default for extractable, long-lived credentials.